You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tubemq.apache.org by gx...@apache.org on 2020/07/27 03:36:54 UTC

[incubator-tubemq-website] 01/01: [TUBEMQ-304] Update how-to-verify

This is an automated email from the ASF dual-hosted git repository.

gxcheng pushed a commit to branch TUBEMQ-304
in repository https://gitbox.apache.org/repos/asf/incubator-tubemq-website.git

commit 6e2a1340097d9b06dc7a1d7831511a11c1c51ff5
Author: Guangxu Cheng <gx...@apache.org>
AuthorDate: Mon Jul 27 11:29:59 2020 +0800

    [TUBEMQ-304] Update how-to-verify
---
 docs/en-us/development/how-to-verify.md | 60 +++++++++++++++++++++++++++++++--
 docs/zh-cn/development/how-to-verify.md | 60 +++++++++++++++++++++++++++++++--
 2 files changed, 114 insertions(+), 6 deletions(-)

diff --git a/docs/en-us/development/how-to-verify.md b/docs/en-us/development/how-to-verify.md
index ed8d905..e8dae4d 100644
--- a/docs/en-us/development/how-to-verify.md
+++ b/docs/en-us/development/how-to-verify.md
@@ -26,9 +26,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
 ### 2.2 检查gpg签名
   - 导入公钥
   ```shell
-  curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS
+  curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS
   gpg --import KEYS # 导入KEYS到本地
   ```
+  - 信任公钥
+  > 信任此次版本所使用的KEY
+  ```shell
+    gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY
+    gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc.
+    This is free software: you are free to change and redistribute it.
+    There is NO WARRANTY, to the extent permitted by law.
+    
+    Secret key is available.
+    
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> trust #信任
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    Please decide how far you trust this user to correctly verify other users' keys
+    (by looking at passports, checking fingerprints from different sources, etc.)
+    
+      1 = I don't know or won't say
+      2 = I do NOT trust
+      3 = I trust marginally
+      4 = I trust fully
+      5 = I trust ultimately
+      m = back to the main menu
+    
+    Your decision? 5 #选择5
+    Do you really want to set this key to ultimate trust? (y/N) y #选择y
+                                                                 
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> 
+         
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+  ```
   - 使用如下命令检查签名
   ```shell
   for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done
@@ -39,7 +93,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
   gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz
 ```
   - 检查结果
-出现类似以下内容则说明签名正确,关键字:`Good signature`
+  > 出现类似以下内容则说明签名正确,关键字:**`Good signature`**
 ```shell
 apache-tubemq-0.3.0-incubating-src.tar.gz
 gpg: Signature made Sat May 30 11:45:01 2020 CST
@@ -79,4 +133,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done
   - 能否正常部署成功
   - 部署测试环境、验证生产消费能否正常运行
   - 验证你认为可能会出问题的地方
-  - ....
+  - ....
\ No newline at end of file
diff --git a/docs/zh-cn/development/how-to-verify.md b/docs/zh-cn/development/how-to-verify.md
index 6294e70..bb26b29 100644
--- a/docs/zh-cn/development/how-to-verify.md
+++ b/docs/zh-cn/development/how-to-verify.md
@@ -24,9 +24,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
 ### 2.2 检查gpg签名
   - 导入公钥
   ```shell
-  curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS
+  curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS
   gpg --import KEYS # 导入KEYS到本地
   ```
+  - 信任公钥
+  > 信任此次版本所使用的KEY
+  ```shell
+    gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY
+    gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc.
+    This is free software: you are free to change and redistribute it.
+    There is NO WARRANTY, to the extent permitted by law.
+    
+    Secret key is available.
+    
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> trust #信任
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    Please decide how far you trust this user to correctly verify other users' keys
+    (by looking at passports, checking fingerprints from different sources, etc.)
+    
+      1 = I don't know or won't say
+      2 = I do NOT trust
+      3 = I trust marginally
+      4 = I trust fully
+      5 = I trust ultimately
+      m = back to the main menu
+    
+    Your decision? 5 #选择5
+    Do you really want to set this key to ultimate trust? (y/N) y #选择y
+                                                                 
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> 
+         
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+  ```
   - 使用如下命令检查签名
   ```shell
   for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done
@@ -37,7 +91,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
   gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz
 ```
   - 检查结果
-出现类似以下内容则说明签名正确,关键字:`Good signature`
+  > 出现类似以下内容则说明签名正确,关键字:**`Good signature`**
 ```shell
 apache-tubemq-0.3.0-incubating-src.tar.gz
 gpg: Signature made Sat May 30 11:45:01 2020 CST
@@ -77,4 +131,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done
   - 能否正常部署成功
   - 部署测试环境、验证生产消费能否正常运行
   - 验证你认为可能会出问题的地方
-  - ....
+  - ....
\ No newline at end of file